From 2f2744f46739e3c84181c8b4a3cfa1635059d8f2 Mon Sep 17 00:00:00 2001
From: wangzhong <wangzhong@cmss.chinamobile.com>
Date: Tue, 27 Jul 2021 02:52:44 -0700
Subject: [PATCH] rgw: add the condition of lock mode conversion to
 PutObjRentention

Signed-off-by: wangzhong <wangzhong@cmss.chinamobile.com>
(cherry picked from commit 585eae46a2bb7ed39ca2f3213801e0f77642c9d4)
---
 src/rgw/rgw_op.cc | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 2339dccb7fd0e..9885fcc44e78f 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -8021,10 +8021,20 @@ void RGWPutObjRetention::execute()
     }
     if (ceph::real_clock::to_time_t(obj_retention.get_retain_until_date()) < ceph::real_clock::to_time_t(old_obj_retention.get_retain_until_date())) {
       if (old_obj_retention.get_mode().compare("GOVERNANCE") != 0 || !bypass_perm || !bypass_governance_mode) {
-	s->err.message = "proposed retain-until date shortens an existing retention period and governance bypass check failed";
+	  s->err.message = "proposed retain-until date shortens an existing retention period and governance bypass check failed";
         op_ret = -EACCES;
         return;
       }
+    } else if (old_obj_retention.get_mode() == obj_retention.get_mode()) {
+      // ok if retention mode doesn't change
+    } else if (obj_retention.get_mode() == "GOVERNANCE") {
+      s->err.message = "can't change retention mode from COMPLIANCE to GOVERNANCE";
+      op_ret = -EACCES;
+      return;
+    } else if (!bypass_perm || !bypass_governance_mode) {
+      s->err.message = "can't change retention mode from GOVERNANCE without governance bypass";
+      op_ret = -EACCES;
+      return;
     }
   }
 
-- 
2.39.5